Sample details: 7ce119745171ccffb70d01563fd72998

Hashes
MD5: 7ce119745171ccffb70d01563fd72998
SHA1: c7147b5ad59573fd771de291eded0b48690bf2e8
SHA256: 8adf8b5ca0141c87a55cf83d3016eec1c8a0d8ec6dc677ce8f90bc9f4fee0ce7
SSDEEP: 384:csSj1Nwym33repRZqiHmszP7NmjDy0E/ZT8SNZzyddrPG:HSj15ub4Zqq/ZfByS7YZG
Details
File Type: MS-DOS
Added: 2018-03-06 19:33:32
Yara Hits
YRP/MicroJoiner_17_coban2k_additional | YRP/Upack_037_beta_Dwing | YRP/Upack_037_beta_Dwing_additional | YRP/Upack_v036_beta_Dwing | YRP/Upack_036_beta_Dwing | YRP/Upackv036betaDwing | YRP/Upackv036alphaDwing | YRP/UpackV036Dwing | YRP/IsPE32 | YRP/IsWindowsGUI | YRP/IsPacked | YRP/HasOverlay | YRP/IsBeyondImageSize | YRP/HasModified_DOS_Message | YRP/domain | YRP/contentis_base64 | YRP/suspicious_packer_section | FlorianRoth/DragonFly_APT_Sep17_3
Source
http://52.161.26.253/10022.malware
Strings
MZLoadLibraryA
KERNEL32.DLL
GetProcAddress
.Upack
.ByDwing